The situation is pretty grim. Even the term "back door" completely undermines the situation. It is not just some backdoor, it is a full-blown computer with unrestricted access to all the hardware and system memory, running an entire operating system, network stack, Java virtual machine etc. The leaks that have been made in the last years also suggest that these things have been widely exploited.

If it were so that, only potentially this could be used for bad stuff, then I would call it paranoia or conspiracy theorizing to suggest that it is, well, concerning. That the NSA/Russia can use this to track "terrorists and other bad people" is only a little bit worrisome in my opinion.

But that there are published and known security vulnerabilities in the Management Engine is way more worrisome. Perhaps the Management Engine cannot be used in the way it was designed without an Intel network chip, but that does not automatically mean that the weaknesses in it cannot be exploited even on machines with other network chips.

As long as there are only closed source options for the hardware, then ultimately, of course, the code cannot be audited by anyone willing to do so. And companies have pretty bad track records; most of the projects that have either been open sourced or leaked have shown very sloppy code... This is, of course, understandable as there is little money in making systems safe, except for some few fringe cases. Most computers and phones get a few firmware updates right after their release, but that's it.

Although most ARM-based computers have a much simpler booting process that does not involve entire computers that the user does not have any access to, still most of them use simple bootloaders, GPU drivers and other stuff that is closed source. IIRC the only GPU stack that has working open source alternatives for it is the reverse engineered etnaviv (although freedreno, lima and other projects attempt to do the same for these GPUs). Many of them are also SoCs where the CPU is permanently attached to peripherals that cannot be "turned off".

There are other architectures but most of them are very obscure/hard to come by or unsuitable for PC use. For example, I believe SPARC processors don't have these hardware level security problems like described in OP, but there are other reasons why they are not easily adapted to normal home use.

RISC-V is interesting because the ISA is open. That means that it is very hard to insert hardware level "back doors", since users have the freedom to validate the hardware. However, there are (AFAIK) no free code GPUs for that architecture either (at least currently) and therefore any kind of software level bad code can be involved. But this might change in the coming years.

I'm surprised nobody has mentioned POWER9 yet. This is the FSF's suggested solution to the ME/backdoor drama. Still in pre-order, but I am tempted to buy one. Looks pretty badass, and I am in the market for a new server.

steve_v wrote: I'm surprised nobody has mentioned POWER9 yet. This is the FSF's suggested solution to the ME/backdoor drama. Still in pre-order, but I am tempted to buy one. Looks pretty badass, and I am in the market for a new server.

OK. The thing is that it is realistically conceivable that ARM, RISC-V etc. can to some extent replace x86 computers in home use. Last I checked these power9 products were several thousand just for the motherboard. I believe the company you link to even had a crowdfunding campaign that failed miserably, like they got only one bidder. The product was just way too expensive. It does sound like they are willing to create a fully auditable platform, it just doesn't sound like it could help home users much.

Perhaps, though the cost of such things is inversely proportional to the number produced. Hence ARM hardware found in every Android phone is cheap, while power9, which is not widely deployed yet, is not. You say power9 is too expensive. I say ARM is too slow. Show me an ARM CPU that fits your definition of reasonably priced and can compete with current x86 gear, in terms of raw performance. Show me an ARM CPU that can do professional level CAD. Hell, show me any ARM CPU that can break-even with my 4 year old I7. 6 cores @ 3.5GHz, minimum. 32GB system memory, minimum. Go. I'm making it easy here...

For "internet and email" sure, ARM all the way. But I have zero interest in an architecture that is designed around low cost and low power consumption making its way into my desktop. And yes, this desktop is at my home, therefore "home use". Yes, I do CAD at home. Yes, I need the performance. At home.

If the Talos 2 ever goes into production, I'll almost certainly buy one. As far as I can tell, it's the only fully open and auditable platform available with acceptable performance. I'm not willing to pre-order it though, at least not at that price. If the company went belly-up right after I'd be left with an expensive orphan, and that would kinda piss me off.

wizard10000 wrote: One thing I haven't heard anyone mention is that if your NIC isn't Intel I don't see how their ME can connect to anything.

Having 100% control over everything I do not see there would be any difficulties for MINIX to reach out to the internet using any hardware available, it may rely on user OS provided drivers in some cases, though.

For AMT to allow remote access, three things are necessary: an Intel chip with vPro support, an Intel networking card, and the corporate version of the Intel Management Engine binary.

This seems to imply that, assuming someone isn't physically at your computer (utilizing a USB exploit, for example) or convincing you to download "cool_screensaver.bin", remote code execution should be moot so long as one of those modules, like wifi, is not Intel.

If so, then, for the average consumer, worried about frying their BIOS with the internal and external me_cleaner tutorials, would the best protection not be to swap out any Intel-based wifi hardware with non-Intel ones?

I ask because it isn't clear to me how deeply this MINIX "spin" can be exploited if RCE is disabled or rendered useless. It also isn't clear the degree to which it has been exploited -- I'd be interested to read any new findings on this. So, it's hard to make a clear judgment about whether or not the ME can really reach out to available hardware, although, to err on the safe side, I assume "probably" is the best prediction.

steve_v wrote: Perhaps, though the cost of such things is inversely proportional to the number produced. Hence ARM hardware found in every Android phone is cheap, while power9, which is not widely deployed yet, is not.

I wish this were all there is to it.

steve_v wrote: You say power9 is too expensive. I say ARM is too slow. Show me an ARM CPU that fits your definition of reasonably priced and can compete with current x86 gear, in terms of raw performance.

As far as I can see, I didn't say that. If you can show me where you feel that I said that, then perhaps I can answer this.

steve_v wrote: Show me an ARM CPU that can do professional level CAD. Hell, show me any ARM CPU that can break-even with my 4 year old I7. 6 cores @ 3.5GHz, minimum. 32GB system memory, minimum. Go. I'm making it easy here...

Well, considering that I never said that there is (or that there is even a need for) an ARM processor that can "do professional level CAD", I think I'll pass. But for what it's worth, the Cortex-A75 is going to attempt laptop and server market share, I believe, and is supposedly significantly better than its predecessor. If I absolutely have to show any ARM processor that "can compete with your laptop", I'd say what about this "tens of teraflops" ARM processor: https://www.top500.org/news/cray-to-del ... onsortium/

steve_v wrote: For "internet and email" sure, ARM all the way. But I have zero interest in an architecture that is designed around low cost and low power consumption making its way into my desktop. And yes, this desktop is at my home, therefore "home use". Yes, I do CAD at home. Yes, I need the performance. At home.

So, you are saying that because you have the very fringe case need for professional level CAD at home, that my statement that ARM has more chances in replacing average use is off, or not? And that a computer with a 1400W PSU and a 6000 USD price tag is more likely to replace x86 at home?

n_hologram wrote: I want to inquire about a small aspect of this conversation:

Segfault wrote:

wizard10000 wrote: One thing I haven't heard anyone mention is that if your NIC isn't Intel I don't see how their ME can connect to anything.

Having 100% control over everything I do not see there would be any difficulties for MINIX to reach out to the internet using any hardware available, it may rely on user OS provided drivers in some cases, though.

For AMT to allow remote access, three things are necessary: an Intel chip with vPro support, an Intel networking card, and the corporate version of the Intel Management Engine binary.

This seems to imply that, assuming someone isn't physically at your computer (utilizing a USB exploit, for example) or convincing you to download "cool_screensaver.bin", remote code execution should be moot so long as one of those modules, like wifi, is not Intel.

If so, then, for the average consumer, worried about frying their BIOS with the internal and external me_cleaner tutorials, would the best protection not be to swap out any Intel-based wifi hardware with non-Intel ones?

I ask because it isn't clear to me how deeply this MINIX "spin" can be exploited if RCE is disabled or rendered useless. It also isn't clear the degree to which it has been exploited -- I'd be interested to read any new findings on this. So, it's hard to make a clear judgment about whether or not the ME can really reach out to available hardware, although, to err on the safe side, I assume "probably" is the best prediction.

I don't know how possible these exploits are and if it is at all possible to make a realistic judgement on this issue given that the code is top secret, apparently not even shared with firmware developers. There have been some exploits, for example a "super rootkit" was demonstrated and last year a criminal group apparently used another vulnerability. From what is known about these, you can maybe make inferences, see Wikipedia. You need to remember that even if the way it is supposed to work requires an Intel network chip etc, it might be possible that there are hacks or workarounds that can be used to do something adverse with it outside of the normal use scenario. Perhaps someone can spoof an Intel wifi chip somehow or use the ME chip to write to system RAM programs that do adverse stuff with the OS network stack (the firmware has its own network stack that is entirely invisible to Linux/any other operating system and is not affected by your kernel's firewall at all). Since the chip can read the HDD, the RAM and NVRAM and stores stuff on its own flash chip, perhaps there are ways to make it read data that it thought it stored there, but which in reality is exploit code? It is known that it can be used to read non-encrypted data from the HDD, for example when it analyses the health status of the machine. If you knew where exactly it is going to read and how much, you could feed it stuff, I suppose. Also, it allows for the BIOS to write to its own memory area for updating itself if needed using a tech called Host ME Region Flash Protection Override (see last link). This is really wild speculation, of course.
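An added example (not written by any poster in this thread): a read-only inventory, taken from Linux sysfs, of two things the posts above argue about, namely whether the network controllers are Intel parts and whether the host exposes an ME interface device. It assumes the standard `/sys/bus/pci/devices` layout and the `mei_me` kernel driver name; the sample tree is constructed, and vPro support or the ME firmware variant are not determined here.

```python
import os
import tempfile

INTEL_VENDOR = "0x8086"        # PCI vendor ID assigned to Intel
NETWORK_CLASS_PREFIX = "0x02"  # PCI base class 0x02 = network controller

def _read(path):
    # Return a sysfs attribute, stripped and lower-cased, or '' if unreadable.
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""

def survey(sysfs_pci="/sys/bus/pci/devices"):
    """List network controllers by vendor and any device bound to mei_me."""
    report = {"intel_nics": [], "other_nics": [], "mei_devices": []}
    if not os.path.isdir(sysfs_pci):
        return report
    for addr in sorted(os.listdir(sysfs_pci)):
        dev = os.path.join(sysfs_pci, addr)
        vendor = _read(os.path.join(dev, "vendor"))
        pci_class = _read(os.path.join(dev, "class"))
        if pci_class.startswith(NETWORK_CLASS_PREFIX):
            key = "intel_nics" if vendor == INTEL_VENDOR else "other_nics"
            report[key].append(addr)
        # The host-visible ME interface shows up as a PCI device bound to mei_me.
        driver = os.path.join(dev, "driver")
        if os.path.islink(driver) and os.path.basename(os.readlink(driver)) == "mei_me":
            report["mei_devices"].append(addr)
    return report

def build_sample_tree(root):
    """Constructed sample: Intel MEI controller, Intel Ethernet, non-Intel Wi-Fi."""
    sample = {
        "0000:00:16.0": ("0x8086", "0x078000", "mei_me"),
        "0000:00:1f.6": ("0x8086", "0x020000", "e1000e"),
        "0000:03:00.0": ("0x168c", "0x028000", "ath9k"),
    }
    for addr, (vendor, pci_class, driver) in sample.items():
        dev = os.path.join(root, addr)
        os.makedirs(dev)
        for name, value in (("vendor", vendor), ("class", pci_class)):
            with open(os.path.join(dev, name), "w") as fh:
                fh.write(value + "\n")
        os.symlink("/constructed/drivers/" + driver, os.path.join(dev, "driver"))
    return root

if __name__ == "__main__":
    print("constructed sample:", survey(build_sample_tree(tempfile.mkdtemp())))
    print("this machine:", survey())
```

An empty `intel_nics` list only speaks to the Intel-NIC condition quoted above; it does not show that the ME is absent or inactive, and an empty `mei_devices` list can simply mean the driver is not loaded.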

tynman wrote: Someone please let me know when the Power9 CPUs with suitable motherboards are down around the $300 point.

As far as I know, the only power9 gear around is server-grade, and you won't get Intel / AMD server grade stuff for that price either. It's entirely possible to build desktop-orientated boards with the architecture, but AFAIK nobody's doing it (yet). Hell, (assuming USD) $300 is a pittance even for an AMD desktop board + CPU. I certainly can't find anything worth having for that price around here, at least not new.

The price is really high, but other than that the architecture is for sure very interesting. I am wondering a bit, why Google is not adapting it (or are they?). Because there were some news items about Google being concerned about Management Engine, and even starting a project to remove it:

pylkko wrote: I am wondering a bit, why Google is not adapting it (or are they?). Because there were some news items about Google being concerned about Management Engine, and even starting a project to remove it: